Department of Homeland Security Daily Open Source Infrastructure Report

Friday, October 31, 2008

Complete DHS Daily Report for October 31, 2008

Daily Report

Headlines

• According to Tri-State Media, two people are dead and five injured after an explosion at an oil well site a mile west of Crossville, Illinois, Wednesday morning. (See item 1)

1. October 29, Tri-State Media – (Illinois) 2 killed, 5 injured in oilfield explosion. Two people are dead and five injured after an explosion at an oil well site a mile west of Crossville, Illinois, Wednesday morning. The White County sheriff said Wednesday afternoon that five of the seven people working at the site owned by French Creek Oil Co. of Grayville, Illinois, were taken to various hospitals. Crews were capping the oil well when an apparent explosion occurred, followed by a huge flare of burning gas that engulfed the site. The sheriff said that area emergency agencies brought fire equipment and staff from surrounding communities in Indiana and Illinois and that an Illinois Office of Mines and Minerals representative from that agency’s Carmi, Illinois, office was on scene. Occupational Safety and Health Administration and Illinois Emergency Management Agency will also be involved in the investigation into the incident. Source: http://www.tristate-media.com/articles/2008/10/30/pdclarion/news/news1.txt

• Guardian.co.uk reports that hundreds of Syrian riot police surrounded the U.S. embassy in Damascus Thursday as tens of thousands of protesters gathered nearby to denounce a U.S. raid that killed eight people near the Iraqi border. (See item 23)

23. October 30, guardian.co.uk – (International) Syria puts U.S. embassy under guard as tens of thousands join protest. On October 30, hundreds of Syrian riot police surrounded the U.S. embassy in Damascus as tens of thousands of protesters gathered nearby to denounce a U.S. raid that killed eight people near the Iraqi border. The crowds converged on Youssef al-Azmi square, about a mile from the embassy – which was closed for the day because of security concerns. Troops wearing helmets and carrying batons and shields took up positions around the embassy and the adjacent U.S. residence building. Two fire engines were parked nearby. There were no signs of violence as protesters formed circles and danced traditional dances. The Syrian government has demanded a U.S. apology for the attack in the eastern border community, which it says left eight civilians dead. It has threatened to cut off cooperation on Iraqi border security if there are more raids on its territory. Syrian security around the embassy is usually tight, and Americans in the country are generally made to feel welcome but when the U.S. invaded Iraq protesters attacked the embassy. The American school has been shut for the day. The Syrian government has ordered the school to shut down – this is expected within a week – and the immediate closing of the American cultural centre linked to the embassy. Source: http://www.guardian.co.uk/world/2008/oct/30/syria-us-embassy-protest

Details

Banking and Finance Sector


10. October 29, Bloomberg – (National) Bank of America sues Bear Stearns, Cioffi, Tannin. Bear Stearns Cos. and two high profile hedge-fund managers allegedly lied to Bank of America Corp. in a “desperate” bid for capital to prop up failing funds, according to a suit seeking more than $2 billion. Bank of America Wednesday sued JPMorgan Chase & Co.’s Bear Stearns Asset Management and the two indicted hedge-fund managers in Manhattan federal court over what it claimed was “egregious conduct” relating to a “CDO-squared” transaction. JPMorgan, which Bank of America did not name as a defendant, acquired Bear Stearns in April after customers and lenders deserted the firm because of concerns that it was running out of cash. JPMorgan, the largest U.S. bank by market value, said when it bought Bear that it expected $6 billion in costs related to litigation, consolidation, and other expenses. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=a_9KJGpfWCEg&refer=home


Information Technology


26. October 30, IDG News Service – (International) ICANN delays shutting down spammy Estonian registrar. The overseer of the Internet’s addressing system said on Wednesday it will delay shutting down a deceitful Estonian domain registrar pending a review. The Internet Corporation for Assigned Names and Numbers (ICANN) sent a letter to EstDomains on October 28 saying it would revoke the company’s accreditation effective November 12 and move the 281,000 domains under its management to another registrar. ICANN’s regulations allow it to revoke a registrar’s accreditation if an executive of the company has been convicted of certain felonies or misdemeanors. EstDomains’ president was convicted of credit card fraud, money laundering and document forgery in an Estonian court on February 6, ICANN said. A study published in August by several security experts found that dozens of domain names registered by EstDomains were hosted by Intercage, a California hosting company that has come under fire for allowing scammers to operate on its network. Those experts concluded that as many as 78 percent of the domains and mail servers on Intercage’s network were hostile. Many of the domain names registered by EstDomains were linked to spam that advertised fake luxury goods or pharmaceuticals. Source: http://www.pcworld.com/businesscenter/article/153042/icann_delays_shutting_down_spammy_estonian_registrar.html


27. October 29, VNUnet.com – (International) Javascript to be next core malware language. The demand that the development of web 2.0 has placed on browsers to become more interactive and act as a portal rather than just a viewing platform is opening up new vulnerabilities to unsuspecting users, the team leader of the Security Operation Center at IT security firm Radware has warned. One such security hole is in Javascript, which would allow a hacker to copy any file from a user’s PC with little chance of detection. According to the team leader, this new class of attack will be attractive to cyber-criminals because the approach is cross-platform and cross-browser, allowing the hackers to access systems previously unavailable to them, such as Linux, Mac and mobile. The problem stems from the fact that internet browsers have quickly moved from being passive text and picture viewers to essentially an operating system in their own right, through interactive services such as user-generated content, hosted applications, web mail and social networks. Source: http://uk.news.yahoo.com/16/20081029/ttc-javascript-to-be-next-core-malware-l-6315470.html


Communications Sector


28. October 30, Network World – (National) Researchers show off advanced network control technology. Researchers at Stanford University say they can adjust network infrastructure to boost bandwidth, optimize latency and save power using an experimental technology called OpenFlow. OpenFlow is in the proof-of-concept stage but someday could be used in business networks to engineer traffic, says an associate professor of electrical engineering and computer science at Stanford University. OpenFlow is part of the Clean Slate initiative set up to consider how the Internet might be optimized. Researchers devised OpenFlow as a way to test out new network protocols on existing networks without disrupting production applications. The only other option is to set up separate infrastructure on which to run experiments, a costly alternative. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=knowledge_center&articleId=9118579&taxonomyId=1&intsrc=kc_top

Thursday, October 30, 2008

Complete DHS Daily Report for October 30, 2008

Daily Report

Headlines

• According to United Press International, the U.S. Army has set up a task force to counter the theft of sensitive data by hackers breaking into the computer networks of military contractors. (See item 8)

8. October 27, United Press International – (National) Army defense task force targeting hackers. The U.S. Army has set up a task force to counter the theft of sensitive data by hackers breaking into the computer networks of military contractors. The Defense Industrial Base Cyber-Security Task Force was quietly established earlier this year, in the face of what an Army document says are continuing large-scale thefts of “controlled unclassified information” from contractor systems. “Exfiltrations of unclassified data from [military contractor computer] systems have occurred and continue to occur, potentially undermining and even neutralizing the technological advantage and combat effectiveness of the future force,” the document says. At stake is sensitive data “used in the development of war-fighting systems during the acquisition life-cycle.” In military lingo, that means information about weapons programs being developed and produced by private-sector contractors. Source: http://www.infosecnews.org/hypermail/0810/15489.html

• The Associated Press reports that the U.S. Environmental Protection Agency is ordering 11 public water systems in California to reduce levels of arsenic in their drinking water systems. (See item 26)

26. October 28, Associated Press – (California) EPA orders Calif water systems to reduce arsenic. The U.S. Environmental Protection Agency (EPA) is ordering 11 public water systems in California to reduce levels of arsenic in their drinking water systems. The EPA is requiring the water systems to develop and meet a schedule to comply with the federal government’s arsenic standard. Arsenic is a naturally occurring mineral found in groundwater that is known to increase the risk of cancer as well as heart disease, diabetes and neurological damage. EPA officials say the water systems will face penalties of up to $32,500 per day if they fail to take steps to reduce arsenic levels. Source: http://www.mercurynews.com/news/ci_10837346

Details

Banking and Finance Sector


9. October 29, Mondaq – (National) FDIC issues interim rule to implement the temporary liquidity guarantee program. The FDIC approved an interim rule to govern the Temporary Liquidity Guarantee Program (“TLGP”). The TLGP has two components: the Debt Guarantee Program, which guarantees newly issued senior unsecured debt of participating banking organizations issued between October 14, 2008 and June 30, 2009 (“Guaranteed Debt”); and the Transaction Account Guarantee Program, which provides full deposit insurance coverage for non-interest bearing transaction accounts (“Guaranteed Accounts”), regardless of dollar amount. All eligible institutions are automatically enrolled in the TLGP for the first 30 days at no cost. All participating banking organizations must clearly identify, in writing and in a commercially reasonable manner, whether newly issued debt is guaranteed under the TLGP. Participating banking organizations must also post notices which indicate their participation and, if participating in the Transaction Account Guarantee Program, that all funds held in Guaranteed Accounts are insured in full by the FDIC. Source: http://www.mondaq.com/article.asp?articleid=68772


10. October 29, Reuters – (National) GMAC seeks bank status for rescue funding. GMAC, the auto finance and mortgage company, is seeking to become a bank holding company in order to access the government’s $700 billion financial rescue plan, the Wall Street Journal reported on Tuesday. As a bank holding company, GMAC could receive equity injections from the Treasury Department and sharply reduce its borrowing costs in part by gaining access to the Fed’s discount window. A GMAC spokesman said earlier on Tuesday that GMAC LLC had been granted approval by the Fed to use a commercial paper funding facility created earlier this month by the central bank. The newspaper said that while the mechanics of a bank registration would be complex for GMAC, it might include a requirement that General Motors’ (GM) stake in GMAC be no more than 24.9 percent. Cerberus owns 51 percent of GMAC. GM owns the remainder. Cerberus and General Motors Corp have been discussing a merger deal for Chrysler since September. Source: http://www.reuters.com/article/ousiv/idUSTRE49S1K520081029


11. October 28, SC Magazine – (International) Turkish hacker arrested by FBI made video giving tips for installing ATM skimmers. A Turkish hacker who was arrested as part of the FBI operation against underground forum DarkMarket produced his own training videos, researchers revealed this week at the RSA Europe conference in London. The RSA Consumer Solutions Head of New Technologies said the hacker was behind the manufacture of hundreds of ATM skimming devices made from readily available parts, including switches from IKEA, and sold online. Source: http://www.scmagazineus.com/Turkish-hacker-arrested-by-FBI-made-video-giving-tips-for-installing-ATM-skimmers/article/120035/


12. October 28, CU Info Security – (National) GAO-Check 21 Act: Most consumers have accepted and banks are progressing toward full adoption of check truncation. Check truncation, the process by which a check is converted into an electronic debit or image of the check, which serves as the official record of the check, has not yet resulted in overall gains in economic efficiency for the Federal Reserve or for a sample of banks while Federal Reserve and bank officials expect efficiencies in the future. GAO’s analysis of the Federal Reserve’s cost accounting data suggests that its costs for check clearing may have increased since Check 21, which may reflect that the Federal Reserve must still process paper checks while it invests in equipment and software for electronic processing and incurs costs associated with closing a number of check offices. Check imaging and the use of substitute checks appear to have had a neutral or minimal effect on bank fraud losses. Source: http://www.cuinfosecurity.com/regulations.php?reg_id=920


Information Technology


32. October 29, CIO-Today – (International) Virus infections via USB drives increasing sharply. Antivirus software maker Trend Micro Inc. has found that reported computer virus infections via USB flash memory drives more than doubled in September, Jiji Press learned. Infections in the month with the Otorun worm, which propagates via removable drives such as USB drives, surged 140 percent from the previous month to 347 cases, Trend Micro said in a monthly survey report. The company’s monthly reports showed that viruses transmitted via USB drives began to rapidly increase in February, with the number of Otorun infections in January-June reaching 517, making it the most common and far exceeding the 201 cases of the Agent, Trend Micro said. The company said that 53.7 percent of viruses newly found in September were capable of sneaking into computers via USB drives. Such viruses are becoming a great threat because most people are not aware of them, the security software firm warned. Source: http://www.cio-today.com/news/Virus-Infections-via-USB-Increasing/story.xhtml?story_id=13100BOFQ847


Communications Sector

Nothing to report


Wednesday, October 29, 2008

Complete DHS Daily Report for October 29, 2008

Daily Report

Headlines

• USA Today reports that the U.S. Transportation Security Administration expects by next fall to lift restrictions that limit airline passengers to carrying 3-ounce bottles of liquids, gels, and aerosols in airplane cabins, according to an announcement on the agency’s website. (See item 14)

14. October 27, USA Today – (National) TSA likely to ease restrictions on liquids in 2009. Airline passengers will likely be able to carry large bottles of liquids on airplanes by sometime in 2009, the Transportation Security Administration (TSA) says. The TSA expects by next fall to lift restrictions that limit passengers to carrying 3-ounce bottles of liquids, gels and aerosols in airplane cabins, according to an announcement on the agency’s website. Passengers would still have to remove liquids from carry-on bags at airport checkpoints and put them through X-ray machines separately. By the end of 2010, passengers should be able to keep liquids as they go through checkpoints. The changes are expected because better technology will enable checkpoint X-ray machines to spot dangerous liquids. X-ray machines currently cannot tell the difference between harmless fluids and explosives. Easing the restrictions could also speed up security lines, said the chairman of the Business Travel Coalition. Source: http://www.usatoday.com/travel/flights/2008-10-27-tsa-liquids_N.htm?csp=34

• According to Reuters, two white supremacist skinheads were arrested in Tennessee over plans to go on a killing spree and eventually shoot the Democratic presidential candidate, court documents showed on Monday. (See item 28)

28. October 28, Reuters – (National) Skinheads held over plot to kill Obama. Two white supremacist skinheads were arrested in Tennessee over plans to go on a killing spree and eventually shoot the Democratic presidential candidate, court documents showed on Monday. The two suspects were charged in a criminal complaint with making threats against a presidential candidate, illegal possession of a sawed-off shotgun, and conspiracy to rob a gun dealer. The plot did not appear to be very advanced or sophisticated, the court documents showed. The men stole guns from family members and also had a sawed-off shotgun. They planned to target a predominately black school, going state to state while robbing individuals, and continuing to kill people, said a special agent with the Bureau of Alcohol, Tobacco, Firearms, and Explosives in an affidavit. “They further stated that their final act of violence would be to attempt to kill/assassinate presidential candidate Barack Obama,” he said. Source: http://www.reuters.com/article/newsOne/idUSTRE49Q7KJ20081028

Details

Banking and Finance Sector


10. October 28, Associated Press – (National) Businessman sentenced in $107M bank fraud. A businessman has been sentenced to nine years and nine months after pleading guilty to charges related to bilking $107 million from a taxpayer-funded bank. The businessman was ordered by a U.S. District Judge on Monday to pay $10 million in restitution, equal to his profits from the scheme, and $494,822 in back taxes. The judge also ordered him to serve three years of federal supervision after he is released from prison. He pleaded guilty in August to wire fraud, conspiracy, tax evasion, money laundering and filing false tax reports and faced up to 10 years in prison, as part of a plea deal. Bank officials testified that the man exploited Export-Import Bank’s medium-term loan guarantee program, forcing the bank to make good on $107 million in loans that went into default. The man also allegedly caused another $10 million in losses to Vinmar Finance Ltd., a commercial lender in Houston that he had turned to in 2005 when the Export-Import Bank stalled in issuing loan guarantees to Parker’s clients. Source: http://www.chron.com/disp/story.mpl/ap/tx/6081424.html


11. October 28, Greenville Sun – (Tennessee) E-mail scam reported involving credit union. Several Greeneville residents reported receiving e-mail on Friday purportedly from a Georgia credit union that warned of restrictions placed on the recipients’ accounts. The credit union e-mail says employees are available 24 hours a day, seven days a week to handle calls. A TIC Federal Credit Union spokesman said the e-mail messages were part of a “phishing scam” designed to defraud those who respond by return phone call. Source: http://www.greenevillesun.com/story/298908


Information Technology


32. October 28, SC Magazine – (International) Yahoo’s HotJobs site vulnerable to cross-site scripting attack. Internet research firm Netcraft’s toolbar has detected a cross-site scripting bug in Yahoo that could be exploited to steal authentication cookies. The flaw resides on Yahoo’s HotJobs search engine site, on which hackers embedded malicious JavaScript code, an employee of Netcraft said in a blog post on October 26. The pilfered credentials could give the attackers access to the victims’ Yahoo accounts, including email. This vulnerability is similar to another bug that affected Yahoo earlier this year, he said. “Simply visiting the malign URLs on Yahoo.com can be enough for a victim to fall prey to the attacker, letting him steal the necessary session cookies to gain access to the victim’s email – the victim does not even have to type in their username and password for the attacker to do this,” the Netcraft employee wrote. “Both attacks send the victim to a blank webpage, leaving them unlikely to realize that their own account has just been compromised.” He said websites must protect cookie values. Netcraft notified Yahoo about the flaw. Source: http://www.scmagazineus.com/Yahoos-HotJobs-site-vulnerable-to-cross-site-scripting-attack/article/120008/


33. October 27, SC Magazine – (International) Malicious spam sees eight-fold jump in six months. The incidence of malicious spam attachments has increased eight-fold during the past six months, according to the third-quarter spam report released today by IT security and control firm Sophos. During July to September, one in every 416 email messages contained a malicious attachment, compared to one in every 3,333 emails in the previous quarter, the report states. Data for the report is generated through global spam traps – email addresses not used for legitimate purposes that have been set up or bought from now-defunct companies – according to a senior security analyst at Sophos. Other report findings indicate that the United States tops the list of the “dirty dozen,” or top twelve countries that are responsible for relaying spam across the globe. Compromised computers in the United States sent out 18.9 percent of all spam, followed by Russia (8.3 percent), Turkey (8.2 percent), China (5.4 percent), Brazil (4.5 percent), South Korea (3.8 percent), India (3.5 percent), Argentina (2.9 percent), Italy (2.8 percent), the United Kingdom (2.7 percent), Colombia (2.5 percent) and Thailand (2.4 percent). Even though the United States consistently tops the dirty dozen list, its lead has narrowed compared to previous quarters, when the nation’s compromised computers sent out approximately half of all spam. Entering the dirty dozen this month are India, Colombia and Thailand. The report also states that social engineering exploits are on the rise and spammers have increasingly used social networking websites to spread malware, a trend Sophos researchers expect to continue to rise. Source: http://www.scmagazineus.com/Malicious-spam-sees-eight-fold-jump-in-six-months/article/119994/


34. October 27, Dark Reading – (National) Internet apps & social networking office boom linked to breaches. According to a new survey by FaceTime Communications Inc., organizations where more employees are using social networking at work now than six months ago have experienced more security incidents. Nearly 60 percent of all IT managers surveyed reported that their users social-network at the office. Of those organizations, the ones where the number of users using social networking increased compared to six months ago experienced an average of 39 security incidents a month, requiring 24 hours’ worth of remediation. Those with about the same or fewer users of social networking at work experienced around 22 or 23 such incidents a month, with about half the remediation time. The overall survey looked at the use of Internet-based applications like Facebook, LinkedIn, instant messaging, and voice-over-IP. The report surveyed over 500 employees and IT managers, over half of whom work at organizations with over 1,000 employees. Among the most surprising finds in the report was that one third of the employees surveyed said they had the right to run these applications on their desktop, even if it was a violation of IT policy. Another red flag was when it came to data leaks at these organizations: four in 10 IT managers said they had experienced security incidents that were purposeful, while 27 percent had seen “unintentional release of corporate information” occur. Source: http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=211600874


Communications Sector


35. October 28, Daily Telegraph – (National) G1 ‘Google phone’ security flaw found. A team of computer security experts have found a “serious flaw” in the operating system used on Google’s first ever mobile phone, the T-Mobile G1. The phone, which runs the Android operating system, an open source platform developed in part by Google, went on sale in the U.S. last Wednesday. According to one of the computer specialists who discovered the flaw, hackers could have used the security loophole to trick G1 users into visiting a rogue website, which would in turn secretly install keystroke-logging software onto the phone. That would enable hackers to remotely monitor and record what buttons the user pressed, and could have made it easy to steal identity information, such as logins and passwords, for banking or shopping websites. Source: http://www.telegraph.co.uk/connected/main.jhtml?xml=/connected/2008/10/28/dlgoog128.xml